This is for all of you WordPress users. Recently a lot of vulnerabilities were discovered which allow hackers and script kiddies to have access to your website if you are running outdated versions of all the following plugins:

  • Jetpack
  • WordPress SEO
  • Google Analytics by Yoast
  • All In one SEO
  • Gravity Forms
  • Multiple Plugins from Easy Digital Downloads
  • UpdraftPlus
  • WP-E-Commerce
  • WPTouch
  • Download Monitor
  • Related Posts for WordPress
  • My Calendar
  • P3 Profiler
  • Give
  • Multiple iThemes products including Builder and Exchange
  • Broken-Link-Checker
  • Ninja Forms

The above plugins have already been updated by their developers to fix the issue so we strongly recommend logging into your WordPress admin panel and updating these as well any other plugins that are installed.

What can you do?

UPDATE WordPress

Yup! Get your WordPress to the latest latest version available. Go here to know what the latest version of WordPress is the one that was recently released -> WordPress.org

UPDATE Plugins

Go to your WP-ADMIN Dashboard and then to plugins and update all the ones that are outdated. Please note that this will probably cause some features to break, but its better to fix this than to get hacked and get your domain or server blacklisted. Preventive maintenance it’s ten times better than corrective maintenance. At least that is what my mother taught me.

REMOVE Plugins

If any of the plugins listed above is on your WordPress and it does not have a recent update less than 2 weeks ago (please note that today is May 12th 2015), remove it. It’s better be safe than sorry.

Also cut all the fat, and remove all the plugins that you are not using, even if you have them disabled it’s just safer to remove them for good. Bye, CIAO, ADIOS!!!

Say no to cracked or nulled Plugins and Themes

I know the idea of not paying for software might be appealing to you.. However I suggest to not be cheap when it comes to this, as it’s more often that these types of warez have some sort of injected code which will allow other to get access to your account and use it to run commands on your account remotely.

So do not be a part of the next DDoS attack or SPAM source. Pay for your plugins and themes, below are some great places to purchase your WordPress Themes and Plugins:

For Themes

For Plugins -> Code Canyon By Envato

Further reading

For more information about this vulnerability, please visit the following link:

https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html

Advertisements